In a letter sent Tuesday to the Department of Homeland Security, Sen. Ron Wyden (D-OR) called for federal agencies to implement stricter controls on email that would prevent hackers from impersonating email addresses of federal agencies.

Wyden called for the use of an email protocol called Domain-based Message Authentication, Reporting and Conformance (DMARC). The protocol can be used to filter or block spoofed emails that use a real domain address but are sent by a third party, such as an attacker.

“I write to ask you to take immediate steps to ensure that hackers cannot send emails that impersonate federal agencies,” Wyden wrote. “The threat posed by criminals and foreign governments impersonating U.S. government agencies is real.”

It’s estimated that only two percent of the government’s 1,300 domains, such as FTC.gov and FDIC.gov, use DMARC to block spoofed emails, according to Global Cyber Alliance, an organization that promotes DMARC as an industry standard.

DMARC wards off email spoofing, which is central to most phishing attacks. The premise behind DMARC is that it checks email against both the DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF) validation systems. If a message satisfies these checks it is sent through to the recipient; otherwise it’s quarantined or blocked.

In 2016, the Internal Revenue Service reported a 400 percent increase in attempts by criminals to impersonate the agency through phishing, Wyden said. In the letter, Wyden cited a case in which emails purporting to come from the Defense Security Service, part of the U.S. Department of Defense, were instead part of a phishing ploy.

“Most government agencies have not deployed DMARC in a blocking capacity,” said Philip Reitinger, president and CEO of Global Cyber Alliance. “The federal government is not alone. There is a lot of work to be done across government and industry.”

In his letter (PDF), Wyden notes that the British government recently implemented the DMARC protocol and has already seen it shore up its email security.

“Government-wide implementation of DMARC has had a huge impact in the United Kingdom. In 2016, the U.K. required all government agencies to enable DMARC. As a result, the U.K.’s tax agency has stated that it reduced the number of phishing emails purporting to come from that agency by a staggering 300 million messages in one year,” he wrote.

Wyden is calling for the DHS to add DMARC scanning of federal agency systems as part of its existing Cyber Hygiene program. He is also calling for the General Services Administration to create a central repository for DMARC reports across all government agencies in order to shine a brighter light on who is attempting to impersonate U.S. government agencies.

Last year, Google adopted the DMARC protocol for its web-based email. The move followed similar initiatives from Yahoo and AOL; Yahoo moved its mail services to DMARC in November 2015.

Phishing remains a constant and viable threat, not only from cybercriminals interested in fraud and financial crime, but also in targeted attacks by criminal and nation-state attackers.

Authors

Threatpost
